1. Field of the Invention
The present invention relates to an apparatus and a method for protecting the integrity of data, such as may be applied in processing and storing data by means of, for example, a microcontroller.
2. Description of Prior Art
It is desirable, in many application scenarios, to protect stored data from being accessed by unauthorized persons, which is why they are stored in a memory in an encrypted form. Here, the data may be altered, during their transfer via a bus system or during their dwell time in the memory, due to randomly occurring errors, or faults, e.g. an individual bit being toggled. An attacker who wants to compromise the security of a system by means of fault attacks will deliberately alter data stored, more than one bit of a data packet which is stored or transmitted via a bus being altered in fault attacks in most cases. In addition to encrypting the data stored, what is also required therefore is an apparatus which may recognize any alteration of the data which is caused at random or deliberately.
To generally recognize attacks on a system, sensors are used in some places. These sensors may be, for example, voltage-measuring instruments for recognizing overvoltages which are deliberately fed into a system. In addition, temperature and light sensors are used for recognizing, for example, a housing being opened or ground open.
Another possibility of protection is to provide data words with redundancy information before they are stored, the redundancy information allowing the detection the alteration of bits of a data word digitally stored, and, depending on the property of the redundancy information, allowing the alteration to be corrected. Here, the redundancy information is typically attached to the data after it has been encrypted, so as to recognize an alteration of the encrypted data in an external memory area. The German patent application 10 2005 001953.6 additionally describes a method for verifying a data set consisting of several data words, wherein a redundancy data word is formed by “XORing” all data words prior to encrypting, the data set being encrypted word for word and being stored after the redundancy formation.
The detection of an attack by means of sensors does not enable a “saturation”, or comprehensive, detection of a fault attack, and gives rise to considerably higher cost than, for example, a purely digital circuit. Saturation here means that the entire data path cannot be monitored with physical sensors from the moment of data generation. Adding the redundancy information after the data has been encrypted has the great advantage that, in this way, only errors which occur in the external memory can be proven. Data errors which occur—at random or due to an attack—in the data between the calculating unit and the encryption unit, cannot be recognized. XORing the data prior to encryption has the disadvantage that, due to the mathematical simplicity of the XOR operation, attacks may be discovered only if an odd number of data bits of the data set have been altered by the attack.